VARIoT IoT vulnerabilities database

IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple iOS, tvOS and watchOS are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with kernel privileges. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. IOAcceleratorFamily is one of the IO acceleration management components. The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, tvOS prior to 9.2.2, watchOS prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators' passwords along with the system administrator's password. An attacker can leverage this vulnerability to escalate privileges within the system. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. ActiveX is one of the components used to transmit dynamic images in surveillance. A version of ActiveX prior to Advantech WebAccess 8.1_20160519 has a security vulnerability. An attacker could exploit the vulnerability to insert or run arbitrary code on an affected system

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability "httpoxy" Is called a problem. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05333297 Version: 1 HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-11-15 Last Updated: 2016-11-15 Potential Security Impact: Remote: Unauthorized Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information. References: - CVE-2016-5385 - PHP, HTTPoxy SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP StoreEver MSL6480 Tape Library prior to 5.10 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-5385 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided resolution of this vulnerability in the HPE StoreEver MSL6480 Tape Library firmware version 5.10: * <http://h20564.www2.hpe.com/hpsc/swd/public/readIndex?sp4ts.oid=5385625&swLan Oid=8&swEnvOid=54> HISTORY Version:1 (rev.1) - 15 November 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php54-php security update Advisory ID: RHSA-2016:1610-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 ===================================================================== 1. Summary: An update for php54-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg 3r5SaIOUCU9fw1VuBLjTlPI= =fzN3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information: https://php.net/ChangeLog-5.php#5.6.24 For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package. We recommend that you upgrade your php5 packages. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.6.24-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Bug Fix(es): * Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758) 4. ========================================================================= Ubuntu Security Notice USN-3045-1 August 02, 2016 php5, php7.0 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled certain SplMinHeap::compar e operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Thi s issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116 ) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception object s when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use thi s issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certa in lengths. An attacker could use this issue to cause PHP to crash, resultin g in a denial of service, or possibly execute arbitrary code. This issue on ly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker cou ld use this issue to cause PHP to crash, resulting in a denial of service, o r possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents o f the HTTP_PROXY environment variable when based on the contents of the Pro xy header from HTTP requests. A remote attacker could possibly use this issu e in combination with scripts that honour the HTTP_PROXY variable to redire ct outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrect ly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memor y. A remote attacker could use this issue to cause PHP to crash, resulting i n a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker coul d use this issue to cause PHP to crash, resulting in a denial of service, o r possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP t o crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cau se PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracti ng certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processi ng certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT S and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrect ly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrect ly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2 php7.0-cgi 7.0.8-0ubuntu0.16.04.2 php7.0-cli 7.0.8-0ubuntu0.16.04.2 php7.0-fpm 7.0.8-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19 php5-cgi 5.5.9+dfsg-1ubuntu4.19 php5-cli 5.5.9+dfsg-1ubuntu4.19 php5-fpm 5.5.9+dfsg-1ubuntu4.19 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.24 php5-cgi 5.3.10-1ubuntu3.24 php5-cli 5.3.10-1ubuntu3.24 php5-fpm 5.3.10-1ubuntu3.24 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3045-1 CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297 Package Information: https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 30, 2016 Bugs: #578734, #581834, #584204, #587246, #591710, #594498, #597586, #599326 ID: 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 5.6.28 >= 5.6.28 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28" References ========== [ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the IOHIDFamily kernel extension. The issue lies in the failure to validate a supplied length value causing a heap buffer overflow. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple tvOS, Mac OS X and iOS are prone to a memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Note: This issue was previously titled 'PHP CVE-2016-4650 Multiple Remote Code Execution Vulnerabilities'. The title has been changed to better reflect the vulnerability information. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. Apple OS X Used in and other products bsdiff of bspatch of bspatch.c Contains an integer sign error vulnerability. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. bsdiff is one of the tool components used to build patched binaries. ========================================================================== Ubuntu Security Notice USN-4500-1 September 15, 2020 bsdiff vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: bsdiff could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - bsdiff: generate/apply a patch between two binary files Details: It was discovered that bsdiff mishandled certain input. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: bsdiff 4.3-15+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4500-1 CVE-2014-9862 Package Information: https://launchpad.net/ubuntu/+source/bsdiff/4.3-15+deb8u1build0.16.04.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:25.bspatch Security Advisory The FreeBSD Project Topic: Heap vulnerability in bspatch Category: core Module: bsdiff Announced: 2016-07-25 Affects: All supported versions of FreeBSD. Corrected: 2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA2-p1) 2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA1-p1) 2016-07-25 14:53:04 UTC (stable/10, 10.3-STABLE) 2016-07-25 15:04:17 UTC (releng/10.3, 10.3-RELEASE-p6) 2016-07-25 15:04:17 UTC (releng/10.2, 10.2-RELEASE-p20) 2016-07-25 15:04:17 UTC (releng/10.1, 10.1-RELEASE-p37) 2016-07-25 14:53:04 UTC (stable/9, 9.3-STABLE) 2016-07-25 15:04:17 UTC (releng/9.3, 9.3-RELEASE-p45) CVE Name: CVE-2014-9862 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The bspatch utility generates newfile from oldfile and patchfile where patchfile is a binary patch built by bsdiff(1). II. Problem Description The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. III. Impact An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot is needed. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install No reboot is needed. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch # fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch.asc # gpg --verify bspatch.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r303301 releng/9.3/ r303304 stable/10/ r303301 releng/10.1/ r303304 releng/10.2/ r303304 releng/10.3/ r303304 stable/11/ r303300 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://bugs.chromium.org/p/chromium/issues/detail?id=372525> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJXlir7AAoJEO1n7NZdz2rnTtAP/iFnhrcmRuxmeMGtVPWHZFhH /I2iB62wGf4vNGVedwh3fHPEgjEpMvDVP7S+OCLB7Fnf+Mwm9uL47cjxdr/P5dy8 iKRsojG7HVE3Iia7DyaSEQwbJMQZGWsy2wr9epiHPoOpnSaWKUBx94C+oc7gPdM5 8LW5OpUgSpFCztQ82gbM/2Bjy5OREJQP6ASW62WO+MkD7n+ZUzsUCdR13bzvpA23 BaNeInQArn5Zf3OiZXjQ9Go1muml2llQmqxeb8p3V9IbJ3mdUBQat1AtF/yXfpWA tkUfgqAaoKbjOrk22h/wBRssPlqqftZDXWqi2KlkEltqyU1evnsb5UVCu0SZdgkW lQlnE1vymJCnxC211SweDNbbP8laR0OpjRxUxljSXVMXag4Lh9+9aD6zIZ9zZNi7 MxXEasLZViwq8gEbZLlLUfcOQVv6T+3jTiH8aRUYFp5PsBGBgQCAQgGCEaztQTNr lnSp/rqnP7FEu7gsHtP3wGK03RItNketbKMSUzV5eXiWmVYC3a6/WboqqJuqhDka zs3W0h0Fw6iqk6CfImHnhD1unarXnSQU5vRcf9srnUvS0XgYS/113BQK23SjGmki OIJe3Wm0CrcChAf8lKdeyPlKFcN906EkQ8Hh8vB00B9BZCXYLY9zBK6lW40NA1UN cy+ljfLX/xwCNIJJXdwH =FL3H -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following: apache_mod_php Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650 Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc. CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900 OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Resolution ========== All Binary diff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/bsdiff-4.3-r4" References ========== [ 1 ] CVE-2014-9862 https://nvd.nist.gov/vuln/detail/CVE-2014-9862 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-44 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within CoreGraphics. By interacting with PKGTransactionWillSwitchSpaces, an attacker can cause a memory corruption condition. An attacker could leverage this vulnerability to execute arbitrary code under the context of the WindowServer. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Login Window is one of the login window components

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within CoreGraphics. By interacting with _XSetDictionaryForCurrentSession, an attacker can cause a type confusion condition. An attacker could leverage this vulnerability to execute arbitrary code under the context of the WindowServer. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Login Window is one of the login window components

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Graphics Drivers is one of the graphics driver components

Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion.". By interacting with _XSetApplicationBindingsForWorkspaces, an attacker can cause a type confusion condition. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges under the context of WindowServer. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Login Window is one of the login window components

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. The issue lies in the failure to properly validate user-supplied data which can result in a memory corruption condition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within CoreGraphics. By interacting with _XRegisterCursorWithData, an attacker can cause a heap buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code under the context of the WindowServer. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Login Window is one of the login window components

Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the AppleIntelBDWGraphics kernel extension. The issue lies in the failure to properly check user-supplied arguments during an IOKit call. An attacker can leverage this vulnerability to execute code within the context of the kernel. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Intel Graphics Driver is one of the graphics driver components

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. ImageIO is one of the static methods used to perform common image I/O operations

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. ImageIO is one of the static methods used to perform common image I/O operations

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. plural Apple Product ImageIO There is a service disruption ( Memory consumption ) There are vulnerabilities that are put into a state.Service disruption by a third party ( Memory consumption ) There is a possibility of being put into a state. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. ImageIO is one of the static methods used to perform common image I/O operations. A security vulnerability exists in ImageIO in several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreGraphics is an iOS built-in drawing framework. A security vulnerability exists in CoreGraphics in several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAuthority may be obtained by local users. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. ImageIO is one of the static methods used to perform common image I/O operations. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. Apple iOS and watchOS are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to gain access to sensitive information. Apple iOS is an operating system developed for mobile devices; Apple watchOS is an operating system for smart watches. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. plural Apple Product IOHIDFamily Is authorized, or service disruption (NULL Pointer dereference ) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlAuthorized by local user or service disruption (NULL Pointer dereference ) There is a possibility of being put into a state. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component. A security vulnerability exists in IOHIDFamily in several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-3 watchOS 2.2.2 watchOS 2.2.2 is now available and addresses the following: CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. libc++abi is one of the components used to support the C++ standard library